commit 3ae8a54a087d54cfd109ab3d844ff4cba54a28d8
author Klaus Jensen <k.jensen@samsung.com> Wed May 24 11:28:34 2023 +0200
committer Klaus Jensen <k.jensen@samsung.com> Wed Jun 28 11:22:17 2023 +0200
tree 0d9c7d8e3074d00aee2c88f9f084241e267ae7fc
parent 381ab99d858709eab34b65d123a6356b8b1e87bd

hw/nvme: fix verification of number of ruhis

Fix a off-by-one error when verifying the number of reclaim unit handle
identifiers specified in fdp.ruhs. To make the fix nicer, move the
verification of the fdp.nruh parameter to an earlier point.

Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

hw/nvme/ns.c

diff --git a/hw/nvme/ns.c b/hw/nvme/ns.c
index 547c0b1..050fdaf 100644
--- a/hw/nvme/ns.c
+++ b/hw/nvme/ns.c
@@ -438,9 +438,7 @@
 
     /* parse the placement handle identifiers */
     while ((token = qemu_strsep(&p, ";")) != NULL) {
-        ns->fdp.nphs += 1;
-        if (ns->fdp.nphs > NVME_FDP_MAXPIDS ||
-            ns->fdp.nphs == endgrp->fdp.nruh) {
+        if (ns->fdp.nphs++ == endgrp->fdp.nruh) {
             error_setg(errp, "too many placement handles");
             free(r);
             return false;

hw/nvme/subsys.c

diff --git a/hw/nvme/subsys.c b/hw/nvme/subsys.c
index 24ddec8..d30bb8b 100644
--- a/hw/nvme/subsys.c
+++ b/hw/nvme/subsys.c
@@ -158,8 +158,10 @@
 
     endgrp->fdp.nrg = subsys->params.fdp.nrg;
 
-    if (!subsys->params.fdp.nruh) {
-        error_setg(errp, "fdp.nruh must be non-zero");
+    if (!subsys->params.fdp.nruh ||
+        subsys->params.fdp.nruh > NVME_FDP_MAXPIDS) {
+        error_setg(errp, "fdp.nruh must be non-zero and less than %u",
+                   NVME_FDP_MAXPIDS);
         return false;
     }